Documentation ¶
Index ¶
- Variables
- type RBAC
- func (*RBAC) Descriptor() ([]byte, []int)deprecated
- func (x *RBAC) GetMatcher() *v31.Matcher
- func (x *RBAC) GetRules() *v3.RBAC
- func (x *RBAC) GetShadowMatcher() *v31.Matcher
- func (x *RBAC) GetShadowRules() *v3.RBAC
- func (x *RBAC) GetShadowRulesStatPrefix() string
- func (*RBAC) ProtoMessage()
- func (x *RBAC) ProtoReflect() protoreflect.Message
- func (x *RBAC) Reset()
- func (x *RBAC) String() string
- type RBACPerRoute
Constants ¶
This section is empty.
Variables ¶
View Source
var File_envoy_extensions_filters_http_rbac_v3_rbac_proto protoreflect.FileDescriptor
Functions ¶
This section is empty.
Types ¶
type RBAC ¶
type RBAC struct { // Specify the RBAC rules to be applied globally. // If absent, no enforcing RBAC policy will be applied. // If present and empty, DENY. // If both rules and matcher are configured, rules will be ignored. Rules *v3.RBAC `protobuf:"bytes,1,opt,name=rules,proto3" json:"rules,omitempty"` // The match tree to use when resolving RBAC action for incoming requests. Requests do not // match any matcher will be denied. // If absent, no enforcing RBAC matcher will be applied. // If present and empty, deny all requests. Matcher *v31.Matcher `protobuf:"bytes,4,opt,name=matcher,proto3" json:"matcher,omitempty"` // Shadow rules are not enforced by the filter (i.e., returning a 403) // but will emit stats and logs and can be used for rule testing. // If absent, no shadow RBAC policy will be applied. // If both shadow rules and shadow matcher are configured, shadow rules will be ignored. ShadowRules *v3.RBAC `protobuf:"bytes,2,opt,name=shadow_rules,json=shadowRules,proto3" json:"shadow_rules,omitempty"` // The match tree to use for emitting stats and logs which can be used for rule testing for // incoming requests. // If absent, no shadow matcher will be applied. ShadowMatcher *v31.Matcher `protobuf:"bytes,5,opt,name=shadow_matcher,json=shadowMatcher,proto3" json:"shadow_matcher,omitempty"` // If specified, shadow rules will emit stats with the given prefix. // This is useful to distinguish the stat when there are more than 1 RBAC filter configured with // shadow rules. ShadowRulesStatPrefix string `` /* 128-byte string literal not displayed */ // contains filtered or unexported fields }
RBAC filter config. [#next-free-field: 6]
func (*RBAC) ProtoReflect ¶
func (x *RBAC) ProtoReflect() protoreflect.Message
type RBACPerRoute ¶
type RBACPerRoute struct { // Override the global configuration of the filter with this new config. // If absent, the global RBAC policy will be disabled for this route. Rbac *RBAC `protobuf:"bytes,2,opt,name=rbac,proto3" json:"rbac,omitempty"` // contains filtered or unexported fields }
func (*RBACPerRoute) Descriptor
deprecated
func (*RBACPerRoute) Descriptor() ([]byte, []int)
Deprecated: Use RBACPerRoute.ProtoReflect.Descriptor instead.
func (*RBACPerRoute) GetRbac ¶
func (x *RBACPerRoute) GetRbac() *RBAC
func (*RBACPerRoute) ProtoMessage ¶
func (*RBACPerRoute) ProtoMessage()
func (*RBACPerRoute) ProtoReflect ¶
func (x *RBACPerRoute) ProtoReflect() protoreflect.Message
func (*RBACPerRoute) Reset ¶
func (x *RBACPerRoute) Reset()
func (*RBACPerRoute) String ¶
func (x *RBACPerRoute) String() string
Click to show internal directories.
Click to hide internal directories.